Package com.atlassian.confluence.security.service

Class DefaultXsrfTokenService

  • All Implemented Interfaces:
    XsrfTokenService
    public class DefaultXsrfTokenService
extends Object
implements XsrfTokenService
    This implementation unfortunately duplicates the logic of XsrfTokenInterceptor as a proper adaption turns out too complex due to the extensive use of ThreadLocals in the underlying code.

    • Constructor Detail

      • DefaultXsrfTokenService

        public DefaultXsrfTokenService​(com.atlassian.xwork.XsrfTokenGenerator tokenGenerator)

    • Method Detail

      • generate

        @Deprecated
public com.atlassian.fugue.Pair<String,​String> generate​(javax.servlet.http.HttpServletRequest request)
        Deprecated.
        since 7.0.1. Use XsrfTokenService.generateToken(HttpServletRequest)
        Description copied from interface: XsrfTokenService
        Generate and bind a token pair to the session.
        Specified by:
        generate in interface XsrfTokenService
        Parameters:
        request - the request used to identify the session, will be created if none is present
        Returns:
        a token pair to be used for the modifying request, containing the parameter key in the left part and the token value in the right part

      • validate

        @Deprecated
public com.atlassian.fugue.Maybe<Message> validate​(javax.servlet.http.HttpServletRequest request)
        Deprecated.
        since 7.0.1. Use XsrfTokenService.validateToken(HttpServletRequest)
        Description copied from interface: XsrfTokenService
        Validate if the given request contains the token bound to the request's session.
        Specified by:
        validate in interface XsrfTokenService
        Parameters:
        request - the request used to identify the session and containing the token parameter
        Returns:
        maybe error messages, thus Maybe.isEmpty() indicates a successful flow